DesignFundamentalsNews

Converting a LDPE controller image to non LDPE

From Cisco’s Kangupta

Many times we see instances where the RMA controller is shipped with an LDPE image.

 (Cisco Controller) >show sysinfo

Manufacturer’s Name………………………… Cisco Systems Inc.Product Name………………………………. Cisco Controller
Product Version……………………………. 7.0.116.0
Bootloader Version…………………………. 1.0.1
Field Recovery Image Version………………… 6.0.182.0
Firmware Version…………………………… FPGA 1.3, Env 1.6, USB console 1.27
Build Type………………………………… DATA + WPS + LDPE

 

An upgrade to an non LDPE code fails with this error-

ERROR: Incompatible SW image.ERROR: Please install the Data Payload Encryption licensed image

The LDPE image is used for Customers who are not legally allowed to use DTLS Data encryption within their regulatory domain (Russia-specific).

 

Conversion from LDPE to a non LDPE image

1)      Upgrade WLC to 7.0.230.0 LDPE image- e.g.  AIR-CT5500-LDPE-K9-7-0-230-0.aes for a 5508

2)      Download and install a free DTLS license from Cisco.com (if one is not already installed):

 

To Obtain a Data DTLS License:

 

Step 1 Browse to http://cisco.com/go/license

Step 2 Under Get New, choose IPS, Crypto, Other Licenses

Step 3 Choose the controller platform, enter the product ID and serial number.

Step 4 Complete the remaining steps to generate the license file.  The license will be provided online or via email.

Step 5 Copy the license file to your TFTP server.

Step 6 Install the license by browsing to the WLC Web Administration Page:

Management –> Software Activation –> Commands –>Action: Install License

 

3)      Once the DTLS license is installed, you will be able to upgrade/downgrade to any WLC code (including Non-LDPE).

(Cisco Controller) >show license summary

License Store: Primary License Storage
StoreIndex:  0  Feature: base                              Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium

License Store: Primary License Storage

StoreIndex:  1  Feature: base-ap-count                     Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: 500 /1 (Active/In-use)
License Priority: Medium
License Store: Primary License Storage

 

StoreIndex:  2  Feature: data_encryption                   Version: 1.0

 

License Type: Permanent

 

License State: Active, In Use

 

License Count: Non-Counted

 

License Priority: Medium

 

If the controller is on 7.0.116.0 LDPE code; you installed the DTLS license and then try to migrate to non LDPE code version of 7.0.116.0, it would fail with the following error-

 

*Transfer: Mar 28 11:32:56.609: RESULT_STRING: Transfer failure :

Upgrade from LDPE to non LDPE software is not allowed.

 

So, you will need to get on to 7.0.230.0 LDPE image (e.g.  AIR-CT5500-LDPE-K9-7-0-116-0.aes for a 5508) first before you can move to a non LDPE code.

 

This capability was introduced via CSCtw78061; meaning after installing the DTLS license you can download normal image from LDPE code just fine.

Symptom: No upgrade/downgrade is allowed from LDPE image to NON_LDPE image.

Conditions: transfer download of non-ldpe image from ldpe image

Workaround: if there is a dtls license installed and active, then upgrade/downgrade of non-ldpe image from a ldpe image is allowed.

 

This is addressed in 7.0.230.0 and 7.2.104.24

Previous post

E13 - BYOD: Policy or Tech Issue?

Next post

Wireless Field Day 3 Coverage #WFD3

George Stefanick

George Stefanick

No Comment

Leave a Reply